Wednesday, May 13, 2009

May 12: Massive Mac Update Day

--
Macintosh updates on the second Tuesday of the month?!
Déja vu man. Is Apple syncing updates with Microsoft? Is this to make Enterprise IT folks happy? I strongly suspect so.

I prefer the ASAP approach. Waiting around for the second-Tuesday-of-the-month is a dim idea from my POV. Hmph. What happens in the Microsoft world is that hackers get geared up for THE DAY and pounce on all the announced security holes via new malware. This works very well because only a small percentage of people update their Microsoft software on THE DAY. This allows hackers a window of opportunity to get into user machines while the getting is good. Alternatively, the ASAP approach provides no expectation time for hackers. It also gets security patches out in the field immediately rather than waiting around for potentially weeks, during which time each security hole sits out there ripe for the hacking.

Therefore, I hope this second-Tuesday-of-the-month security update is merely coincidence. Sorry Enterprise IT folks! Having THE DAY each month for security patches may be convenient, but it is BAD security protocol. Security wins in this business.


Rules for System Update Preparation:

1) You know what I'm going to say: Make A Backup! Expect updates to go wrong. They often do.

2) Repair your boot system! It is amazing how many system updates go bad simply because the boot system was corrupt. What else would you expect? Boot from your system installation disk and run the repairs inside Disk Utility.

3) Repair your boot system preferences! Despite the myths, bad file permissions are also a prominent reason why system updates go bad. Again, what else would you expect? Note: You also need to repair your permissions AFTER the update. Adobe always leave behind a mess. Even Apple make slip ups! Apple left behind bad permission settings after Leopard Server Update 10.5.6! Expect it to happen. Use Disk Utility.

4) Don't forget to update! Keeping up with system updates is very important! Check this out:
An example of how few computer users actually apply updates: The Microsoft Windows security hole exploited by the Conficker worm was patched way back in October, 2008. And yet, the Conficker worm zombied an estimated 15 MILLION+ Windows boxes after Microsoft provided the patch. Incredible.

The Update List:


Your Mac's System Update app will tell you what updates are necessary for your particular setup. The list of updates from 5/12 is long. All the links below are for each update's general description and download page. Each page has a further link to its detailed information page. If you would like to go directly to the security improvements list for each update, please go HERE.

Safari v3.2.3 for Windows, 19.69 MB

Safari v3.2.3 for Tiger, 26.29 MB

Safari v3.2.3 for Leopard, 40 MB

Safari v4.0 Public Beta Security Update for Tiger, Leopard, Windows XP and Windows Vista

Security Update 2009-002 for Tiger PPC, 75 MB

Security Update 2009-002 for Tiger Intel, 165 MB

Security Update 2009-002 for Tiger Server PPC, 130 MB

Security Update 2009-002 for Tiger and Leopard Server, Universal, 203 MB

Mac OS X Combo Update 10.5.7 Leopard, including 2009-002, 729 MB

Mac OS X Server Combo Update 10.5.7 Leopard, including 2009-002, 951 MB

Mac OS X Update 10.5.7 Leopard, including 2009-002
, 442 MB

Mac OS X Server Update 10.5.7 Leopard, including 2009-002, 452 MB

Coming up will be my summary and analysis of the security improvements provided by these updates.
--

2 comments:

  1. You mention "2) Repair your boot system! It is amazing how many system updates go bad simply because the boot system was corrupt. What else would you expect? Boot from your system installation disk and run the repairs inside Disk Utility." but a generally better choice is to do a safeboot - hold the shift key down. It does all the repairs DU will do in this scenario plus it will clean out cached information that should be refreshed every now and then anyway.

    *What is Safe Boot?* Starting up in Safe Mode* Safe Boot takes longer than normal startup*Computer shuts down during Safe Boot

    ReplyDelete
  2. Thank you for that tip! I had no idea that was the case. I thought fsck only ran at boot if the system had not been shut down properly.

    What I personally use, described at length in past posts, is the freeware app Applejack. It does all of the above and repairs permissions, checks for bad preference files and removes your virtual memory files.

    The drawback, which is why I don't universally recommend it, is that it requires users to boot into Single User Mode which confronts the users with a character line interface. I've worked with CLIs for decades and never liked them. I don't expect anyone else to like them either (although many people love them). Applejack does, thankfully, provide a very simple CLI interface.

    So for those who want a great little free repair tool and aren't afraid of the big bad CLI, I'd go for Applejack.

    :-Derek

    ReplyDelete